Editors

Get Updates via E-mail

Disclaimer

The content of this blog is intended for informational purposes only. It is not intended to solicit business or to provide legal advice. Laws differ by jurisdiction, and the information on this blog may not apply to every reader. You should not take, or refrain from taking, any legal action based upon the information contained on this blog without first seeking professional counsel. Your use of the blog does not create an attorney-client relationship between you and Arnold & Porter LLP. Click here to view additional disclaimer language.

Copyright 2008-2016 Arnold & Porter LLP

Internet

September 26, 2016

The editors of the Seller Beware Blog want to let our readers know about an upcoming webinar that may be of interest to you, entitled, “Navigating the Patchwork of Federal Laws and Regulations Governing IoT”. [Full disclosure: Our firm, Arnold & Porter LLP, is sponsoring the event]

The “Internet of Things” (IoT) is dramatically changing business around the globe. It touches companies in numerous industries and is creating a wealth of opportunities and risks. The Internet of Things working group at Arnold & Porter combines diverse subject-matter experience, deep industry knowledge, and innovative thinking to help our clients navigate the complex legal and regulatory issues in this actively evolving industry.

This is the first program in our 2016-2017 IoT webinar series, Internet of Things: Changing Business Rapidly Around The Globe.

This webinar for in-house counsel will take place on Tuesday, September 27, 2016 (12:00– 1:00 pm ET).

July 21, 2016

Earlier this month, Warner Bros. Home Entertainment, Inc. settled Federal Trade Commission charges for deceptive marketing practices stemming from a 2014 online “influencer” campaign for its video game Middle Earth: Shadow of Mordor. According to the FTC’s complaint, Warner Bros. paid YouTube influencers to post positive gameplay videos on YouTube and other social media platforms without ensuring that the influencers adequately disclosed their material connection to the company. As a result, the FTC took the position that the company’s marketing campaign violated the FTC Act because it insinuated that sponsored, positive gameplay videos posted on YouTube by gaming enthusiasts were objective and independent assessments of the video game, when they were not.

The Warner Bros. settlement highlights the importance of consumer product companies ensuring that all agreements governing the promotion of company products are reviewed by attorneys who are familiar with the FTC’s concerns about native advertising. In the Warner Bros. matter, the Company hired Plaid Social Labs, LLC to coordinate a “YouTube Influencer Campaign” to help generate interest for the Shadow of Mordor game. Plaid Social Labs contracted with influencers, tasking them with creating YouTube videos reviewing the game and then, subsequently, promoting the videos on other social medial platforms. Per the agreements, the influencers were required to disclose that the videos were sponsored, but they were instructed to place the disclosure in the description box below the gameplay videos. (According to the complaint, this requirement often resulted in the influencer placing the disclosure in a place that could only be seen if a viewer clicked on a “Show More” button.) The agreements also required the influencer’s reviews to be positive, prohibiting the influencer from showing any bugs or glitches in the game or communicating any negative sentiment about Warner Bros., its affiliates or the game.

The FTC took the position that the resulting videos were in essence “sponsored advertisements” and thus “misled consumers by suggesting that the gameplay videos of Shadow of Mordor reflected the independent or objective views of the influencers” when they did not. The FTC also took the position that Warner Bros., due to improper instruction and monitoring of the YouTube influencers, failed to adequately disclose that the gamers were compensated for their positive reviews.

This settlement is a helpful reminder of the importance of marketing and legal departments taking a collaborative approach when developing marketing campaigns that include special attention to the FTC’s enforcement priorities related to native advertising. It is no longer prudent for a company to rely on a third party marketing company or media consultant to handle digital media campaigns. Instead, to mitigate risk, the strategy must include a legal review focused on ensuring that the relationship between the company and potential influencers does not develop unexpected legal obligations for the company.

May 09, 2016

The editors of the Seller Beware Blog want to let our readers know about an upcoming webinar that may be of interest to you, entitled, “Social Media: Navigating the Legal Issues”. [Full disclosure: Our firm, Arnold & Porter LLP, is sponsoring the event]

The good news is that everyone is using social media these days, including your employees. Unfortunately, this can also spell trouble. Join us for a webinar where we will discuss some of the key legal issues and challenges facing companies and organizations as they develop their own online and social media presence, and learn to identify and manage employment-related issues that can arise as a result of the new digital world. Topics will include:

Best practices and tips to minimize legal and other risks while using social media

April 12, 2016

Companies interested in the rapidly growing world of the Internet of Things (IoT) may want to participate in the recent Request for Comment (RFC) by the National Telecommunications and Information Administration (NTIA), an agency of the US Department of Commerce. NTIA seeks input from all interested stakeholders on a range of issues surrounding IoT, including, but not limited to, technological, infrastructure, economic, international, and policy issues. NTIA also seeks comments on the definition of IoT, described as “the broad umbrella term that seeks to describe the connection of physical objects, infrastructure, and environments to various identifiers, sensors, networks, and/or computing capability. In practice, it also encompasses the applications and analytic capabilities driven by getting data from, and sending instructions to, newly-digitized devices and components.”

NTIA plans to analyze the comments and then issue a “green paper” identifying key issues impacting the deployment of IoT technologies, potential benefits and challenges, and possible roles for the federal government, in partnership with the private sector, to advance IoT technologies.

July 15, 2015

Search engines have become essential tools for consumers as they look for products and make purchases online. On July 6, 2015, the US Court of Appeals for the Ninth Circuit reversed a grant of summary judgment in a trademark lawsuit brought against Amazon.com, potentially signaling greater rights for trademark owners in the search context. Multi Time Machine, Inc. v. Amazon.com, Inc. et. al..

Multi Time Machine, Inc. (MTM) manufactured upscale military-style wristwatches and owned a registered trademark for MTM SPECIAL OPS. MTM sued online retailer Amazon based on the way in which Amazon displayed search results when a consumer looked for the MTM SPECIAL OPS mark on the Amazon website. Because Amazon did not sell MTM’s watches, its “Behavior Based Search” algorithm (BBS) instead populated the page with similar products, including military-style watches manufactured by MTM competitors like Luminox and Invicta. On this results page, Amazon displayed the MTM SPECIAL OPS mark three times: (1) in the search bar; (2) in a description stating “9 results for ‘mtm special ops’;” and (3) in a “related searches” list.

In reversing a grant of summary judgment in favor Amazon, the Ninth Circuit focused in particular on how Amazon displayed its search results. The court held that, under its precedents in Network Automation, Inc. v. Advanced Sys. Concepts, Inc. and Playboy Enterprises, Inc. v. Netscape Commc’ns Corp., an additional factor should be added to the traditional test articulated in AMF Inc. v. Sleekcraft Boats: “labeling”. In Multi Time Machine, the Ninth Circuit found that this factor weighed in favor of a finding of “initial interest confusion,” i.e., confusion that occurs “not where a customer is confused about the source of a product at the time of purchase, but earlier in the shopping process.” This was because: (1) unlike other Internet retailers, Amazon did not explain in its search results that it did not stock MTM products; and (2) the search results page repeatedly displayed MTM’s mark. Thus, the Ninth Circuit reversed and remanded the grant of summary judgment in Amazon’s favor.

Multi Time Machine may expand the scope of search-related activity that could create trademark liability. Unlike trademark suits arising from keyword advertising, which have largely ceased, this case involved the result of Amazon’s proprietary BBS algorithm. And, unlike keyword cases, in which a rival company purchases advertisements tied to the plaintiff’s marks, the only use of MTM’s mark was by the consumer searching for MTM’s product. In other words, Multi Time Machine denied summary judgment for Amazon concerning what might be considered, in the search engine context, native results -- not search results sponsored by an advertiser. Many on-line retailers use search engines to guide consumers to the products they sell; Multi Time Machine raises the specter of trademark liability for such retailers where their results do not clearly indicate to the consumer whether the retailer is selling the trademarked item the consumer has searched for, or only comparable products. Only time will tell whether this potential increased scope of liability - at least in the Ninth Circuit - leads to more challenges in this context.

April 28, 2015

On April 9, 2015, the Internet Corporation for Assigned Names and Numbers (ICANN), the body governing the registration of domain names, initiated an inquiry into the practices of the Canadian company Vox Populi, the domain name registry that was selected to operate the “.sucks” generic top level domain. In a letter to the Federal Trade Commission, ICANN asked whether the new registry’s practice of selling second-level domain names to trademark owners at exorbitant prices violated any American laws. A second level domain is the name to the left of the “dot” such as “trademark” in “trademark.sucks”. ICANN’s letter, as well as the pricing practices of Vox Populi, have garnered significant attention in the media, and some, including West Virginia Senator Jay Rockefeller, have accused Vox Populi of running a “little more than a predatory shakedown scheme.”

The specific practice drawing ire from some trademark owners is Vox Populi’s sunrise period pricing. ICANN mandates that all registries of new gTLDs observe a “sunrise period” of at least thirty days during which trademark owners can register second-level domains incorporating corresponding to their registered marks before domain names are made available to the general public. Vox Populi is charging trademark owners $2,499.00 per domain registration during the sunrise period for the .sucks gTLD, which ranges from March 30 to May 29, 2015. This rate dramatically exceeds what domain name registrars typically charge during sunrise periods for registration of domain names within their new top level domain spaces. Moreover, this rate is far greater than the amount that Vox Populi intends eventually to chargenon-trademark owners for registering any domains with the “.sucks” gTLD that remain unclaimed at the end of the sunrise period.

The success of Vox Populi’s practices should hinge at least in part on whether trademark owners believe that registrants of second-level domain names in the .sucks gTLD will be able to resist trademark owners’ attempts to compel the transfer of those domain names through ICANN’s arbitration procedure, the Uniform Domain Name Dispute Resolution Policy (UDRP).

Barring an intervention from ICANN, the sunrise period for the .sucks domain ends on May 29, 2015, at which point any interested Internet user will be able to purchase second-level domain strings including registered trademarks without proving trademark ownership. It will then be up to trademark owners to test Vox Populi’s pricing practices. It also remains to be seen how ICANN arbitration panels will treat domain names incorporating the new “.sucks” gTLD. Conceivably, some registrants will argue that “.sucks” names should receive free speech protection -- an argument that ICANN panels generally have not welcomed when “sucks” forms part of the second level domain. See, e.g., Ashley Furniture Industries, Inc. v. Telos CHAMIR American.

February 25, 2015

On February 13, 2015, Yelp, Inc. filed a lawsuit in the Northern District of California against three companies offering to “game” Yelp’s review system by creating and posting bogus positive reviews on Yelp’s website. Among other things, Yelp alleges that these companies are infringing Yelp’s trademarks by using them to promote fake review services. This claim illustrates a tension in the trademark law between what constitutes fair use and what constitutes infringement.

The user employs only so much of the mark as is necessary to identify the service; and

The user does nothing to suggest sponsorship by or affiliation with the mark holder.

The Ninth Circuit has referred to these sorts of uses as “nominative fair use.”

As a practical matter, nominative fair use arises in numerous common situations, including where a news entity refers to a service or product by its trademark -- as was the case in New Kids -- or where a competitor identifies a competing product as a part of a comparative advertisement. Indeed, such use of a competitor’s mark is promoted by the Federal Trade Commission.

An analytically similar rule allows manufacturers of replacement parts or compatible products and services to identify their product or services’ compatibility by reference to a third party’s trademark. As is the case with nominative fair use, however, any such compatibility claim must be sure to avoid the suggestion the compatible product or service is sponsored or approved by the mark holder.

Yelp alleges that the actions of the fake review companies go well beyond what is allowed by these trademark doctrines. Yelp’s complaint alleges that defendants’ advertisements and social media pages include Yelp’s word and design marks in prominent locations, creating the likelihood that consumers will be confused as to Yelp’s affiliation with these fake review companies. Yelp also alleges evidence of actual consumer confusion --in this case, Yelp customers calling Yelp to complain about the fake review companies’ advertisements.

As of this writing, the case has been assigned to Magistrate Judge Paul Singh Grewal.

August 29, 2014

For some time the FTC has been focused on mobile shopping apps and whether businesses have been providing consumers with enough information about those apps. We have previously blogged about the FTC’s concerns about mobile payment technologies here.

Earlier this month, the FTC continued its efforts in this area and issued a staff report on mobile shopping apps, complete with recommendations for the companies that provide these apps. The gist of the recommendations? Provide consumers with clear and accurate information -- available before they download the apps -- about privacy, security, and who has liability for unlawful or erroneous purchases using the apps.

The report addresses three types of mobile shopping apps: price comparison apps; “deal apps” that locate coupons and discounts; and in-store purchase apps. The FTC staff identified a total of 121 apps in these categories, and evaluated all of the available “pre-download” terms and disclosures for each.

Based on its analysis, the FTC staff offered a number of recommendations:

The FTC staff found that companies generally disclosed, prior to downloading, that consumer information would be collected, but that those disclosures contained, in the words of the report, “broad and vague” statements about how the data would be used. For instance, disclosures state that data might be used to “enhance” users’ shopping experience, or indicate the “primary purpose” for collecting data without clearly stating what secondary purposes might be served by the data collection. The report recommends clarifying how such data will be used.

Similarly, the report expressed concern that policies often state that data will not be sold or shared “except as described,” but then reserve very broad rights to use the data. Moreover, up to one-third of policies reviewed allow companies to share data with no restrictions. The FTC recommends that companies clearly describe how they collect, use, and share consumer data.

The report found that data security assurances are generally included in pre-download disclosures, but according to the staff such assurances are not always backed by effective security practices, and the report recommends that companies improve in this area. Further guidance from the FTC on this topic is available here.

With respect to in-store purchase apps, the FTC staff concluded that terms concerning liability and dispute resolution are often unclear and sometimes misleading:

The report finds that nearly half of the in-store purchase apps reviewed did not disclose how the app company would handle an unauthorized, fraudulent, or erroneous transaction. The FTC recommends that companies disclose consumers’ rights and liability limits for such transactions.

As the FTC staff notes in the report, when an app allows the user to pass charges through to an external funding source (e.g., a bank account or credit card), such users are protected by federal liability limits. Nonetheless, according to the report, several companies who offer such apps disclaim all liability in their pre-download information which may lead users to believe that they must pay for unauthorized charges of any amount. The report therefore recommends that companies provide users with clear information about statutory liability limits.

The report concludes that consumers may not realize that apps using a “stored value” model, in which users move money into an account associated with the app, have no statutory liability protection. The report recommends that companies tell consumers up front how the payment service works and what they can do if they encounter a problem.

The recurrent theme of the report was that the FTC staff wants companies to provide information that enables consumers to make informed, up-front decisions about the apps they download and use. To that end, the FTC recommends -- not for the first time -- that companies providing mobile shopping apps describe clearly how they collect, use, share, and secure consumers’ personal and financial data, and also that mobile payment companies should provide clear information regarding dispute resolution and liability limits.

June 21, 2014

As mentioned in our previous post, earlier this week, the Food and Drug Administration (FDA) released two draft guidance documents for industry that offer “recommendations” regarding how pharmaceutical and medical device manufacturers can use Internet and social media platforms to (1) correct independent third party misinformation about prescription drugs and medical devices; and (2) present risk and benefit information where there are character space limitations (e.g., Twitter). Our previous blog post addressed the former, while this post focuses on the latter.

The second draft guidance, entitled “Internet/Social Media Platforms with Character Space Limitations--Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices,” provides recommendations regarding the presentation of risk and benefit information for prescription drugs or medical devices using Internet/social media sources with character space limitations, such as Twitter and the sponsored search results links on Google, Yahoo, etc.. While FDA recognized the “challenging” nature of communicating in such media, the Agency maintained that “benefit claims in product promotions should be balanced with risk information” “no matter the Internet source used,” and recommended that companies provide a way for consumers to gain direct access to a more complete discussion of risks associated with their products, such as a hyperlink.

The draft guidance is not applicable to promotion via product websites, webpages on social media networking platforms (e.g., individual product pages on websites such as Facebook, Twitter, YouTube), and online web banners because they do not impose character space constraints. Nor does the draft guidance apply to reminder promotions that are exempted by regulation from the requirements under the FDCA for the disclosure of risk information.

FDA offers three points to consider when communicating benefit information on Internet/social media platforms with character space limitations:

(1) benefit information should be accurate and non-misleading and reveal material facts within each individual character-space-limited communication (e.g., each individual message or tweet);

(2) benefit information should be accompanied by risk information within each individual character-space-limited communication; and

(3) if a manufacturer concludes that adequate benefit and risk information, as well as other required information, cannot all be communicated within the same character-space-limited communication, then the manufacturer should reconsider using that platform for the intended promotional message.

Similarly, FDA offers several points to consider when communicating risk information: (1) risk information should be presented together with benefit information within each individual character-space-limited communication (e.g., each individual message or tweet); (2) the content of risk information presented within each individual character-space-limited communication should, at a minimum, include the most serious risks associated with the product; (3) a mechanism, such as a hyperlink, should also be provided within each individual character-space-limited communication to allow direct access to a more complete discussion of risk information about the product; and (4) the prominence of risk information should be comparable to the benefit information within each individual character-space-limited communication, taking into consideration any formatting capabilities available on the specific Internet/social media platform.

FDA explained that at “a minimum,” manufacturers “should communicate the most serious risks associated with the product together with the benefit information within the individual character-space-limited communication,” which for drugs generally include risks in boxed warnings, risks known to be fatal or life-threatening, and all contraindications from the Prescribing Information. With respect to the mechanism, FDA recommended that the hyperlink destination (i.e., landing page) be “devoted exclusively to the communication of risk information about the product.”

As we mentioned in our previous post, while helpful in calibrating company practices, ultimately, the new draft guidance documents do not break significant new ground, and largely adhere to FDA’s past thinking on these issues. While the guidance documents are non-binding, FDA may now decide to step up enforcement, so companies must carefully consider their internal policies and employee handbooks in light of the Agency’s positioning on these issues.

June 20, 2014

Earlier this week, the Food and Drug Administration (FDA) released two draft guidance documents for industry that offer “recommendations” regarding how pharmaceutical and medical device manufacturers can use Internet and social media platforms to (1) correct independent third party misinformation about prescription drugs and medical devices; and (2) present risk and benefit information where there are character space limitations (e.g., Twitter). This blog post will address the former and we will have a separate post on the latter.

“positive or negative incorrect representations or implications about a manufacturer’s product [and is] created or disseminated by independent third parties who are not under the manufacturer’s control or influence and that is not produced by, or on behalf of, or prompted by the manufacturer in any particular.”

The guidance does not apply when the manufacturer creates the initial product communication that contains misinformation.

FDA recommends that manufacturers making corrections address all misinformation in a clearly defined portion of a forum on the Internet or social media platform, whether the misinformation is positive or negative. FDA may object if a manufacturer responds to misinformation about its products using false or misleading information or in a manner other than that recommended in the draft guidance, or the manufacturer does not otherwise comply with applicable promotional labeling regulations. Generally, FDA recommends that corrective information be:

relevant, accurate, responsive, limited and tailored to the misinformation;

be non-promotional in nature, tone and presentation;

be supported by sufficient evidence; and

disclose that the person providing the correction is affiliated with the manufacturer.

FDA recommends that the corrective communication include the FDA-required labeling or a hyperlink to such information and that the corrective information be posted in conjunction with the misinformation (e.g., same area or forum).

While helpful in calibrating company practices, ultimately, the new draft guidance does not break significant new ground, and largely adheres to FDA’s past thinking on these issues. Although the guidance documents are non-binding, FDA may now decide to step up enforcement, so companies must carefully consider their internal policies and employee handbooks in light of the Agency’s positioning on these issues.

June 16, 2014

A recent New York Timesarticle describes how people with large followings on social media platforms like the Vine video service and Instagram are cashing in on their popularity by posting advertising. Advertisers are attracted to popular social media personalities because they can reach social media users where they spend a significant amount of their time. The article notes that there are guidelines for disclosing that social media posts are sponsored by an advertiser, and describes ways advertisers are doing so. This is a good reminder for those considering such social media marketing campaigns to freshen up on what those guidelines are to avoid getting tangled up with the Federal Trade Commission (FTC). The FTC has made clear that consumer protection principles apply in all forms of media, including social media. Both advertisers and the social media stars they partner with can be liable if they don’t follow them.

If the connection between an advertiser and endorser is not obvious, the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising require that consumers be told about the connection. Because it may not be obvious to consumers that an ad disseminated through consumer-generated social media -- such as a consumer-made video on Vine -- is in fact an ad, that fact may need to be disclosed. To avoid deception, disclosures about representative results from using a product or service or important terms of the offer may also be necessary. In addition, the disclosures will often need to be in the ad itself and not on a click-through webpage. The FTC’s .com Disclosures guidelines provide do’s and don’ts when making such disclosures in ads where space is at a premium, as it is in social media posts. The FTC has repeatedly cautioned that if a disclosure is necessary to avoid deception in an ad but it doesn’t fit in the medium being used, then the ad should be modified or not used. Social media can be a powerful tool for reaching potential customers, so it is worth understanding the FTC’s expectations. Failing to follow the FTC’s guidelines could result in an investigation and ultimately an injunction and perhaps consumer redress.

June 13, 2014

. . . then we’d know where in the world she was thanks to geolocation information.

Many apps on mobile devices collect information about their users’ whereabouts and movements. This information can make apps more useful (such as navigation apps that provide directions) or more fun (such as social networking apps that tell users when friends are nearby). Sometimes, though not always, app users might choose to post geolocation information about themselves, such a Facebook status update that tags the location of a night out with friends, a child’s graduation, or a family vacation. This geolocation data, however, can reveal private information about individual consumers and, worries the Federal Trade Commission (FTC), could be misused without a user’s knowledge or consent.

On June 4, 2014, the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law held a hearing to discuss the recently-proposed Location Privacy Protection Act, S. 2171, sponsored by Senators Al Franken (D. Minn.), Chris Coons (D.-Del.), Elizabeth Warren (D.-MA), Richard Blumenthal (D.-CT), Richard Durbin (D-IL), and Dianne Feinstein (D.-CA). This legislation would generally prohibit mobile apps from collecting, storing, or sharing users’ geolocation information without a user’s informed consent. The witnesses included Jessica Rich, the Director of the FTC’s Bureau of Consumer Protection, who testified about the FTC’s ongoing efforts to protect consumers’ privacy in this area.

In her testimony, Director Rich praised the Location Privacy Protection Act as “an important step forward” in the protection of consumers’ private data. She laid out the three main benefits of the proposed Act: 1) providing a definition of “geolocation information” that is consistent with other online privacy rules; 2) requiring entities to disclose the fact that they collect geolocation information from consumers in advance; and 3) requiring certain companies to gain affirmative consent from consumers before collecting geolocation data or disclosing geolocation data to third parties.

She emphasized the highly personal nature of geolocation information, noting that it could reveal many aspects of a person’s private life, such as whether they visited an AIDS clinic, a psychiatrist’s office, or a place of worship. Director Rich testified that in the “wrong hands” this information could be ripe for abuse. For example, some businesses might collect consumers’ information and sell it to third party advertisers. In other cases, even if a business has its customers’ consent to collect and store geolocational data, if the business’ files are vulnerable to data-breaches, the consumers’ private data might be at risk.

Director Rich also discussed a few of the FTC’s recent enforcement actions focusing on the misuse of geolocation data, such as the agency’s recent settlement with Snapchat. In addition to several other privacy issues (we discussed the matter here), the FTC alleged that Snapchat transmitted its users’ geolocational data in violation of its stated privacy policy. In the settlement, Snapchat agreed no longer misrepresent its privacy and security policies and to implement a comprehensive privacy program. Finally, Director Rich highlighted the Commission’s outreach efforts, workshops, and reports aimed at educating businesses and consumers about geolocation data. We have written about these efforts here and here.

The proposed Location Privacy Protection Act and Director Rich’s testimony should serve as a reminder that government enforcers and privacy advocates remain focused on protecting consumers’ privacy. Businesses -- in particular mobile app developers -- should review their privacy policies and ensure that they are adequately protecting their customers’ geolocation information.

June 03, 2014

In a recently released guidance document, Making Your Privacy Practices Public, the issuance of which was anticipated for almost six months, the California Attorney General has provided guidance on how websites and online services should disclose their practices regarding the collection and use of personal information, in particular with respect to behavioral tracking. The plan for the guidance was announced in December 2013, shortly after the enactment of amendments to the California Online Privacy Protection Act (CalOPPA). Under those amendments, as explained in our prior blog on a group of privacy-related bills enacted in California last fall, as of January 1, 2014, operators of websites or online services (including mobile applications) must include in their privacy policies disclosures of (1) how the operator responds to a browser “Do-Not-Track” (DNT) signal or to other mechanisms under which consumers may indicate they do not want their online activities followed, and (2) whether third parties may conduct online tracking on the operator’s site or service.

These amendments generated considerable discussion about precisely what needed be stated in online privacy policies to ensure compliance. In response, the California Attorney General, whose Privacy Enforcement and Protection Unit both enforces federal and state privacy laws and engages in educational outreach to consumers and businesses, consulted with privacy advocates, stakeholders from a variety of business sectors, and academics about how the amendments should be interpreted and implemented, as well as more general “best practices” for online privacy protection and disclosures consistent with the mandates of CalOPPA.

The resulting guidance covers not only the behavioral tracking amendment disclosure requirements, but also other aspects of CalOPPA, including its scope. As the Guidance confirms, CalOPPA is not limited in application to businesses located in California; it applies to any operator of a commercial website or online service that collects “personally identifiable information” through the Internet about individual consumers residing in California.”And by defining “personally identifiable information” broadly, the statute has a reach considerably more extensive than other privacy statutes in the United States. Under CalOPPA, the term includes not only an individual’s name, address, e-mail address or phone number, but also:

Any other identifier that permits the physical or online contacting of a specific individual, or

Information concerning a website or online service user that the site or service collects online from the user and maintains in personally identifiable form in combination with another enumerated identifier.

The guidance emphasizes this breadth, specifically stating that “[i]t should be noted that the last two types [of information] listed above can be understood to include information that is collected passively by the site or service, such as device identifier or geo-location data.”

This has some significance for websites whose privacy policies appear to treat Internet Protocol (IP) addresses as not being personally identifiable information, particularly because the new requirement for disclosure of a website or online service operator’s response to DNT signals is required whenever the operator engages in the collection of “personally identifiable information” -- as defined in CalOPPA -- by tracking a consumer’s online activities over time and across third-party websites or online services. Operators who might have interpreted this requirement to exclude some “anonymous” tracking of Internet users are now on notice that, to the extent an IP address might be used to locate an individual through his or her computer, collection of that address would be deemed to be collecting “personally identifiable information” for purposes of CalOPPA.

What about tracking a website or online service user’s activities “over time” but only on your own website or online service? Does that trigger a DNT disclosure requirement, or is the disclosure required only when personally identifiable information is collected about an individual’s online activities “over time and across third-party Web sites or online services”? The guidance appears to confirm that the statute’s reference to “and” means only operator that track across others’ websites or online services must provide the disclosure: it describes the “practice of online tracking” as “collecting personally identifiable information about consumers as they move across different websites or online services over time.”

The guidance also underscores that the 2013 CalOPPA amendments are disclosure requirements only: “There is no legal requirement for how operators of web sites or online services must respond to a browser’s DNT signal.” The aspiration of the California Legislature was to “‘increase consumer awareness of the practice of online tracking by websites and online services, such as mobile apps,’” by allowing consumers “‘to learn from a website’s privacy policy whether or not that website honors a Do Not Track signal. This will allow the consumer to make an informed decision about their use of the website or service.’”

But, as in many consumer protection contexts, requirements for website and online service operator disclosure requirements set the bar higher for satisfying consumer demands. In the context of online behavioral tracking, the disclosures prompted by the new CalOPPA amendments are likely to encourage specific standards for responding to DNT signals. In the meantime, online operators that engage in tracking will benefit from a close review of the Guidance for purposes of determining their own “best practices” in this area.

June 02, 2014

You’ve seen them at the bottom of articles on your favorite news websites -- the thumbnails and links under the heading “You May Like” or “From Around the Web” or “In the News.” But, you may not give much thought to how they got there. Internet advertising companies purchase this website space and then display advertising and links on behalf of their clients. The National Advertising Division (NAD) recently decided a dispute between two such companies (Congoo, LLC and Taboola, Inc.) over disclosures that are displayed with these advertising blocks. Congoo alleged that Taboola’s disclosure practices failed adequately to inform readers that the links were sponsored as opposed to editorial content from the website’s publisher.

Second, that it may be an unlawful deceptive practice to mislead consumers into making first contact even if the advertiser later tries to correct the misperception (see Policy Statement on Deception).

NAD concluded that Taboola was required clearly and conspicuously to disclose when the links it places are sponsored. NAD found that Taboola’s current “sponsored content” or “promoted content” disclosures were less likely to be noticed and understood by readers because they were located in the right corner (where readers are less likely to look) and in lighter and smaller text. Furthermore, NAD concluded that including the name of the sponsor below the content title was not sufficient, even considered together with the other disclosure. Accordingly, NAD recommended that Taboola modify the disclosures showing that the links were sponsored to make them more clear and conspicuous.

NAD also recommended that Taboola more explicitly convey the nature of the content being linked. NAD was particularly concerned with linked content that appeared to be news articles or sites with original content, but were in fact created by advertisers. NAD recommended that links to such content be discontinued or expressly disclosed as advertising.

Although you may not work for an Internet advertising company, chances are many of our readers deal with Internet advertising issues. Because of this and other recentactivity concerning “native” advertising -- i.e., advertising or promotional content that is closely integrated into the flow and feel of websites, apps, and other online and digital publications -- advertisers and website owners should consider whether and how they are disclosing the sponsorship of ads and other content they are placing or that are being placed on their sites.

May 16, 2014

Many retailers of goods, content, and services offer subscriptions that renew automatically without any additional action by their customers. This business model often is convenient for consumers and lucrative for businesses. However, recently-filed class actions against Spotify USA, Dropbox, and Hulu serve as a reminder to comply with California law or risk having those subscriptions deemed “gifts,” requiring refunds or imposing other penalties.

The complaints in each of the Spotify, Dropbox, and Hulu cases allege that the retailers offered California consumers automatically-renewing subscriptions without complying with a relatively recent California law governing automatic renewal of subscriptions. Automatically-renewing subscriptions offered in violation of this law could be deemed “unconditional gifts” exposing the retailer to refund claims and other remedies under California Unfair Practices Act. The outcomes of the pending lawsuits are uncertain, and Spotify recently succeeded in compelling the claims to arbitration under its terms of use (a topic on which we may comment in a future post). But retailers should be aware that non-compliance with California’s automatic-renewal law could result in significant exposure, and the law appears to be attracting the interest of the plaintiffs’ bar.

California’s automatic-renewal law has several specific disclosure and cancellation requirements, obligating most businesses offering automatically-renewing or continuous subscriptions to:

Present the following subscription terms in a clear and conspicuous manner, before the subscription agreement is fulfilled:

That the subscription will continue until the consumer cancels.

A description of the cancellation policy that applies to the offer.

The recurring charges that will be charged as part of the automatic renewal plan, that the amount of those charges may change (if that is the case), and (if known) the amount to which the charge will change.

The length of the automatic renewal term (or a statement that the subscription is continuous), unless the length of the term is chosen by the consumer.

The minimum purchase obligation (if any).

Obtain the consumer’s affirmative consent to the subscription terms before charging the consumer’s credit card, debit card, or other payment account (such as PayPal).

Provide an acknowledgement that the consumer can retain (such as an email) including the subscription terms, the cancellation policy, and information regarding how to cancel.

Provide a cost-effective, timely, and easy-to-use mechanism for cancellation (such as a toll-free phone number or an email address), described in the acknowledgement to the consumer.

For free trials, allow the consumer to cancel before payment, and provide cancellation instructions in the acknowledgement to the consumer .

Provide the consumer with a clear and conspicuous notice of any material changes to the subscription terms, and provide cancellation instructions with the notice.

Retailers offering automatically-renewing subscriptions to California consumers would do well to audit their current practices, and ensure that they are in line with California’s requirements, in addition to those of any other applicable state or federal law.

May 02, 2014

Foreign businesses need to tread carefully when planning online advertising campaigns which target or have reach to the UK market.

The main enforcer of advertising in the UK is the Advertising Standards Authority (ASA). The ASA is an independent regulator, set up by the advertising industry body Committee of Advertising Practice (CAP) to enforce CAP’s self-regulatory codes for broadcast advertising (BCAP Code) and non-broadcast advertising (CAP Code). The self-regulatory regime sits alongside the legislative framework controlling unfair commercial practices, including the Consumer Protection from Unfair Trading Regulations 2008 (CPRs) and the Business Protection from Misleading Marketing Regulations 2008 (BPRs) (which implement European Union law on unfair commercial practices, and misleading and comparative advertising respectively), as well as industry-specific legislation governing advertising of alcohol, diet products, food products, financial services, tobacco products, pharmaceuticals, and health and environmental products and services.

The ASA regulates most forms of advertising, from magazine and newspaper adverts to posters, television, radio and direct mail advertising. The ASA also has power to investigate complaints relating to online advertising, including banner adverts, paid-for (sponsored) searches and, since 2010, marketing on companies’ own websites and on non paid-for space under their control, such as social networking sites like Facebook and Twitter.

Given the ASA’s reach extends to online advertising in traditional paid-for spaces such as Google, but also claims and adverts made on a company’s own website or their social media pages, what are the risks for foreign businesses?

If a foreign business is launching a UK-based advertising campaign, then it should carefully comply with the Codes and the legislative framework (more detail below). The ASA has limited scope to deal with complaints about adverts that originate outside the UK, although, depending on the country of origin, the ASA will often refer a complaint to the relevant advertising regulator in that country for their investigation. Twenty-four European countries are members of the European Advertising Standards Alliance (EASA), an alliance which promotes reciprocity among national advertising regulators and has a cross-border complaints system.

The United States is not a member of the EASA; nor does it have a reciprocal arrangement with the UK for referring cross-border advertising complaints. The ASA has said, however, that it will take steps to act on complaints about adverts which do not originate from the UK, but are directed at UK consumers. The ASA’s guidance says that “directing” an advert at UK consumers may include showing any applicable prices in GBP(£), including UK contact details (for example, for customer service or website enquires) or using a <<.co.uk.>> gTLD, irrespective of where the organisation is established.

So what do foreign businesses need to do to comply with the UK Codes? Under the CAP and BCAP Code, all advertising in the UK (or targeting the UK market) must be legal, decent, honest and truthful, respect fair competition and be prepared with a sense of responsibility to consumers and to society. In addition, advertising must not mislead (or be likely to do so) directly or by omission or by presenting information in an unclear, unintelligible or ambiguous manner or by exaggeration, and advertisers must be capable of objectively substantiating their claims (express of implied) by documentary evidence if they are challenged. Mere “puffery” is allowed, but only where the claim is obviously exaggerated or subjective (for example, a claim that a product is “out of this world” would not be construed literally). The ASA is extremely active in monitoring and adjudicating advertising and we have seen numerous occasions where business’ creative advertising, bold claims or attempts at puffery have been found to breach the Codes. For example, the ASA has consistently found that claims such as “best”, “most advanced”, “better”, “best value” have fallen foul of the Codes; although these claims may be considered as puffery in other jurisdictions, the ASA would require the marketer to show that it is indeed the “best” or “most advanced” in the class, by way of documentary evidence. A solution in these cases could be to highlight the superior elements of the product or service advertised, such as it being “lightest in class” or “smallest on the market” if evidence bears that out. Care should also be taken to avoid advertising that, for example, glorifies alcohol consumption (see our post here by way of illustration), excessive speed while driving (see here) or makes inappropriate “organic” claims (see here).

The ASA’s powers to sanction infringers are fairly limited; they have no power to impose fines, but they can order non-compliant advertisers to take down all infringing adverts. Rulings are published weekly in full detail on the ASA’s public website (the so-called “name and shame” system). The ASA is also able to refer serious or persistent breaches of the Codes to local weights and measures authorities (local authority regulators that have powers to investigate traders acting outside the law) and to the Competition and Markets Authority, which have greater powers to enforce consumer protection legislation under Part 8 of the Enterprise Act 2002.

Foreign businesses targeting the UK market should therefore take care to review their advertising and marketing practices prior to publication. Crucially, advertising which is seen as mere puffery abroad may not be in the UK. Businesses must therefore ensure that they hold documentary evidence to prove all claims (express or implied) which are capable of objective substantiation, and take care to comply with the Codes, not only in respect of traditional advertising on television, billboards and in magazines, but also online and on their own websites if directed at the UK market.

April 02, 2014

Most people take for granted the 24/7 availability of information, products, and services online. Businesses can interact with their customers no matter where they -- the business or the customer -- may be. This very capability has led many businesses, both old and new, to eliminate physical stores or locations or offices entirely, moving their entire customer interface online. For individuals with disabilities, such as a person who is blind or with low vision or a person who is deaf or hard of hearing, this shift may not necessarily provide the same benefits if the websites fail to provide adequate accessibility features for visual information or for audio content.

The Department of Justice’s (DOJ) 2010 revision to the regulations of Title III of the Americans with Disabilities Act (ADA) took “the position that title III covers access to Web sites of public accommodations.” If a business already has to comply with Title III and its regulations, its website now have to comply as well. For example, if a bank’s website allows users to check their account balance 24/7, but the website lacks full accessibility for individuals who are blind or with low vision or individuals who are deaf or hard of hearing, the bank must provide an “alternative accessible method” 24/7, such as accessible phone number, software that can read the website text or captioning for any audio information. DOJ has not yet determined whether businesses that are not already public accommodations (i.e., web-only businesses) must also comply with Title III, though DOJ indicated at the time the regulations were revised that it expects to do so.

California’s Disabled Persons Act (DPA) also addresses disability rights and accessibility issues and provides under § 54(c) that violations of the ADA are also violations of the DPA. Like the ADA, the DPA mandates accessibility of public accommodations. On February 5, 2014, the Ninth Circuit certified to the California Supreme Court the question of whether “places of public accommodation” as referenced in the DPA “include websites, which are non-physical places.”

The question certified arose out of Greater Los Angeles Agency on Deafness, Inc. v. CNN, Inc. The Greater Los Angeles Agency on Deafness, Inc.’s (GLAD’s) DPA claim alleged that Cable News Network’s (CNN’s) decision not to provide closed captioning on its website videos failed to “ensure that the benefits and advantages offered by CNN.com are fully and equally enjoyable to persons who are deaf or have hearing loss in California.” CNN sought to dismiss that action under California’s Anti-SLAPP statute, which allows early dismissal of actions if they are in the furtherance of free speech and if the plaintiff has not shown a probability of success on the merits. CNN argued that its decision not to provide closed captioning was in furtherance of its right to free speech. A magistrate judge disagreed, ruling that CNN failed to show that GLAD’s challenge came from acts in furtherance of its free speech right.

CNN appealed and the Ninth Circuit reversed, holding that because the decision of whether to provide closed captioning would change the way the network chose to present the news, it implicated its free speech rights. As to whether GLAD was likely to succeed on the merits of the claim, however, the Ninth Circuit certified the question to the California Supreme Court in order to determine whether the DPA applies to websites.

The question remains pending with the California Supreme Court. Even if the California Supreme Court finds that the DPA does not define “places of public accommodation” to include websites, businesses without a physical presence should be mindful that as online commerce continues to develop, the state of the law could change rapidly. Already the DOJ has hinted that it may interpret the ADA to cover websites as public accommodations and other states may interpret their laws differently than California. Providing accessibility options on websites before they are legally mandated has the added benefit of being inclusive and showing responsiveness to the needs of customers.

January 22, 2014

We have previously written about the manner in which in-app content is marketed to children. Now, Apple Inc. has agreed to provide at least $32.5 million in refunds to consumers for in-app purchases made by minors accidentally or without parental consent.

The FTC’s complaint alleges that Apple’s procedures for in-app purchases are unfair because Apple often fails to obtain the parent’s informed consent for in-app charges. After an iTunes user enters the account password to buy an app or make an in-app purchase, additional purchases may be made for fifteen minutes without reentering the password. Apple does not expressly warn users about this fifteen-minute window, which enables children to make additional purchases unbeknownst to their parents. Some children managed to rack up hundreds or even thousands of dollars of in-app charges during these fifteen-minute windows.

The settlement agreement requires Apple to provide full refunds for unauthorized or accidental in-app purchases made by children. The settlement also requires Apple to change its billing practices to ensure it has obtained the account holder’s “express, informed consent” for all in-app purchases. If Apple wants to continue allowing users prospectively to authorize future in-app purchases, it must clearly disclose the scope of that authorization and allow the user to revoke that consent at any time.

This settlement demonstrates the FTC’s willingness to pursue what it considers unfair practices in the high-tech realm. As FTC Chairwoman Edith Ramirez stated:

[W]hether you’re doing business in the mobile arena or the mall down the street, fundamental consumer protections apply. You cannot charge consumers for purchases they did not authorize.

Digital content providers should take care to ensure that their disclosure practices are adequate.

This matter also illustrates the important role that consumer complaints can play in shaping enforcement priorities. The FTC’s complaint twice mentions that tens of thousands of customers had complained to Apple about unauthorized in-app purchases by children. Apple’s stated policy was that all in-app purchases were considered final, and Apple did not change its procedures or policy despite the continuing stream of customer complaints.

December 09, 2013

On Wednesday, the Federal Trade Commission (FTC) held a one-day workshop titled Blurred Lines: Advertising or Content about online “native advertising.” The workshop brought together representatives from online publishing, advertising, academia, consumer groups, government, and the private bar to discuss the uses and potential risks of native advertising in digital media. As is usually the case, this FTC workshop was more about fact gathering and issue spotting than providing concrete guidance. But, it did provide valuable insight for advertisers, agencies, and publishers involved in or exploring native advertising.

There is no clear-cut definition of online native advertising, but it can be thought of as advertising or promotional content that is closely integrated into the flow and feel of websites, apps, and other online and digital publications. It can take the form of a company sponsoring a topical section on a website -- like a car company sponsoring the automotive section -- a company sponsoring specific articles, or the “From Around the Web” sections at the bottom of many online articles displaying sponsored content. For advertisers, the attraction of native advertising is providing consumers with valuable content that traditional advertising does not.

Although digital media may present new challenges for regulators, native advertising is not new. The same principles that apply to newspaper advertising in the genre of news articles, TV infomercials that look like talk shows, and paid-for search engine results also apply to the newer forms of online native advertising. The FTC is more likely to have concerns if the omission of information about the sponsor would mislead a reasonable consumer into believing that she was viewing non-commercial, unbiased content or if that information would be important to her purchasing decision.

The workshop highlighted two key questions: (1) When should the sponsorship of content be disclosed? (2) If disclosure is required, how should it be done so that consumers read and understand the relationship?

Based on the panel discussions, advertisers, advertising agencies, and online publishers should keep the following considerations in mind:

Is the content commercial or non-commercial in nature? Does it relate to the sponsor’s product, product category, or product attribute?

Will consumers be able to differentiate -- whether from disclaimers or visual cues -- between sponsored content and editorial content?

What is the nature of the relationship between the sponsor, the publisher, and the content? Is the sponsor just underwriting the operations of the online publication, or does the sponsor have substantive input into the content?

Will consumers understand the relationship from the disclosure -- i.e., how do consumers understand terms such as “advertisement,” “sponsored,” “sponsored content,” etc.?

What are the online publisher’s disclosure requirements? The publisher may have requirements that go beyond those required by the law.

This is clearly an area of interest to the FTC. We expect the FTC to continue to look at online native advertising practices and research on how consumers perceive and interact with it. In addition, we might see more FTC enforcement actions, particularly in clear-cut cases.

November 26, 2013

The Federal Trade Commission (FTC) and National Advertising Division (NAD) have both recently expressed interest in online “native advertising” or “sponsored content”—online advertising that consumers might mistake for non-commercial editorial content. Native advertising includes, for example, online advertisements that resemble news articles, sponsored links that are placed near search engine results, and blogs or social media accounts created to promote products. The FTC is hosting a one-day workshop on native advertising called “Blurred Lines: Advertising or Content” on December 4, 2013, and it has issued updated guidance on related issues during the past year. Also, the NAD recently issued a decision that addressed an advertiser’s alleged failure to identify online messages as advertising.

The FTC’s December 4, 2013 workshop will feature discussions about what advertisers and companies should do to ensure that consumers can distinguish online advertising from other content. According to the draft agenda, the workshop will include panels with representatives from the advertising industry, websites, academia, consumer advocacy organizations, and self-regulatory organizations. The workshop is free and open to the public. We expect that as a follow-up to the workshop the FTC will issue a report providing guidance for native advertising.

This workshop comes a few months after the FTC issued letters to search engine companies in June 2013, updating its 2002 guidance on distinguishing paid search results from “natural” search results. The letters reiterated the FTC’s position that it is a deceptive practice to display search results in a way that makes it difficult for consumers to distinguish sponsored links from organic or “natural” search results. In recent years, the FTC noted, it had “observed a decline in compliance” with the 2002 guidance as “the features traditional search engines use to differentiate advertising from natural search results have become less noticeable to consumers.” In the letter, the FTC suggested methods for search engines to distinguish paid and natural search results clearly and prominently, including visual cues and text labels.

In a recent decision, the NAD addressed a company’s alleged failure to disclose that certain messages on blogs and social media were advertisements. eSalon operated a blog that promoted its products, but the blog’s connection to eSalon was only disclosed at the bottom of the page, where the user had to scroll to view it. The NAD recommended several changes to make eSalon’s sponsorship of the blog clearer and more conspicuous to consumers. In addition, the NAD recommended that eSalon disclose any incentives that it has provided to reviewers of its products (such as compensation or free products) before re-posting or re-tweeting those reviews. Finally, citing the FTC’s Endorsement Guides, the NAD advised eSalon to stop using pictures of celebrities on its websites because this could lead consumers to believe incorrectly that the celebrities had endorsed eSalon’s products.

The requirement that advertisements should be distinguished from editorial content reflects principles from the FTC’s 2009 Revised Endorsement and Testimonial Guides. Endorsements are likely to lead consumers to believe that the message “reflects the opinions, beliefs, finding, or experiences of a party other than the sponsoring advertiser.” Accordingly, the Endorsement Guides provide guidelines designed to help consumers better evaluate the advertising message conveyed through endorsements. For example, advertisers must clearly and conspicuously disclose any material connections between themselves and endorsers, and advertisements with actors portraying “actual consumers” should clearly and conspicuously disclose that actors have been used.

Native advertising is also in the news due to Wikipedia’s recent announcement that hundreds of user accounts were affiliated with Wiki-PR, a company that allegedly creates or revises Wikipedia entries to advertise or promote its clients’ interests. The Wikimedia Foundation, which operates Wikipedia, responded by banning over 250 user accounts and issuing a cease and desist letter demanding that Wiki-PR stop editing Wikipedia. In the letter, Wikimedia explained that its Terms of Use prohibit users from “misrepresenting your affiliation with any individual or entity” and discussed the potential for legal action. Wikipedia’s policy echoes the guidance from the FTC and the NAD—paid-for messaging should not be presented as non-commercial content.